Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Burp Extensions

Make a new post

  • Giving some input parameters to A Burp Suite Extension !..

    Hello Burp, I wrote a new Burp Suite extension and I can load it to Burp and work with Burp. But I want to give a parameter to the extension so this extension can use this parameter while its running. How it is possible? I wrote extension with Java. I guess that there can be some function to create a text box at Details tab which is at Extender tab, and so user can enter parameter to this t...

    1 Agent Answer    0 Community Answer
    Apr 15, 2018 03:03PM UTC
  • AMF

    What is the current state of AMF support within Burp and Burp plugins? Searching through old support post most AMF support seems very outdated. I'm using Pro 1.7.30. I've tried Blazer. It throws a null pointer exception when doing just about anything. I tried the plugin from NetSPI (https://github.com/NetSPI/Burp-Extensions/tree/master/BurpAMFDSer/New_APIs/executables). Loa...

    1 Agent Answer    1 Community Answer
    Apr 06, 2018 11:09PM UTC
  • Burp Extension

    Hello there, I am getting the following exception when I'm trying to log a Jython extension I made, please let me know if anyone has face this :S java.lang.RuntimeException: org.python.core.PyException at burp.ih.a(Unknown Source) at burp.omd.<init>(Unknown Source) at burp.ipb.a(Unknown Source) at burp.wi.c(Unknown Source) at burp.wi.a(Unknown Source) at burp.hd.run(U...

    1 Agent Answer    0 Community Answer
    Apr 06, 2018 07:52PM UTC
  • Extension does not load when BURP is loaded through Windows Task Scheduler while not logged in

    I'm trying to run BURP with my extension with the Windows's Task Scheduler. When I'm logged in, the Task Scheduler is able to open BURP in headless mode and preload my python extension fine. The issue is when I'm not logged into the Windows. I written an command line output to txt file so I see BURP was successfully opened, but I don't see my see outputs from my extensi...

    2 Agent Answers    1 Community Answer
    Apr 04, 2018 05:59PM UTC
  • BurpSmartBuster Not Working

    Hello, Whenever I try to use BurpSmartBuster it generates errors and does not work properly. It had worked at some point in the past, but that was at least 6 months ago. I am using Burp Suite Pro 1.7.32, on Windows 10. These are the errors I see in the Extender section for BurpSmartBuster: Exception in thread Thread-smartRequest:Traceback (most recent call last): File "C:\Users\&l...

    1 Agent Answer    0 Community Answer
    Mar 25, 2018 06:43PM UTC
  • Design new extension - Problem with buildRequest and URL Encode

    Hi! I'm new to extending Burp and I wanted to add an active scanner plugin for some injections. When I making the requests with a payload with special characters, for example <script>alert(1)</script>, the request encoded my payload with "URL encode". My code is as follows: for(String payload: payloads){ IHttpRequestResponse test = this.callbacks.makeHttpRe...

    6 Agent Answers    6 Community Answers
    Mar 23, 2018 12:11PM UTC
  • burp collaborator

    How to use collaborator and what are settings for to use it? and can any one provide me an example for how it works.

    1 Agent Answer    0 Community Answer
    Mar 22, 2018 05:12PM UTC
  • callbacks.makeHttpRequest encode special characters to url encode

    Hi! When I making the requests with special characters, for example <>, the request is encoded with "URL encode". How could I send the request without encoding anything? My code is as follows: for(String payload: payloads){ IHttpRequestResponse test = this.callbacks.makeHttpRequest(httpService,insertionPoint.buildRequest(helpers.stringToBytes(payload))); } The reque...

    1 Agent Answer    0 Community Answer
    Mar 21, 2018 09:04AM UTC
  • API function to check if URL is in scope?

    I have created a custom extension that takes all requests of a certain domain from the sitemap, does some magic on the insertion points and then adds the requests with custom insertion points to the active scanner. I'm having a problem with ensuring that I only add requests that are in scope. Is there an API function that can be called to check if an URL is in scope?

    1 Agent Answer    0 Community Answer
    Mar 13, 2018 09:55AM UTC
  • How is PHP Object Injection is reported by burp extension "PHP Object Injection Check"?

    While scanning the XVWA (Xtreme Vulnerable Web Application) consisting the vulnerability-PHP Object Injection i.e. Insecure Deserialization, burp extension "PHP Object Injection Check" doesn't report with the same name. As burp insert payload PDO object also means plug-in is working, but vulnerability is not getting reported. If there are any prerequisites for using this plugi...

    1 Agent Answer    0 Community Answer
    Mar 01, 2018 08:38AM UTC